HTTPS installation instructions  Testing your HTTPS connections

Chapter 4: Installing and Configuring a Web Server Redirector Plug-In

Enable HTTPS connections

To enable your Web server redirector to establish HTTPS connections with EAServer:

  1. Follow the same instructions as for establishing HTTP connections, for your Web server and platform.

  2. Sun Java System

    Define the redirector configuration directives listed in Table 4-6. For more information, see “Edit the redirector configuration file” for iPlanet and Sun Java System, or “Edit the redirector configuration file” for Apache.

    Table 4-6: HTTPS directives

    Directive name

    Default or valid value

    Comments

    Connector.Https.qop

    <sybpks_simple | sybpks_intl | sybpks_domestic | sybpks_strong>

    Identifies the cipher suites the client (the Web server redirector in this case) is willing to utilize while negotiating an SSL connection.

    Connector.Https.pin

    <sybase>

    Specifies the PKCS #11 token PIN. This is required for logging into PKCS#11 module for retrieving trust information.

    Connector.Https.cacheSize

    <100>

    SSL session IDs are cached once a successful connection has been established. When the client reconnects to the server, the client can reuse the previously established SSL session parameters by sending the old SSL Session ID to the server. This improves performance if the client is frequently connecting to, and disconnecting from, the same server. The cache size is the size of this SSL Session ID cache.

    Connector.Https.SessLingerTime

    <28800> (8 hours)

    Specifies in seconds the duration for which a session ID entry is kept in the SSL session cache after the last SSL connection using that session ID is terminated.

    Connector.Https.SessShareCount

    <10>

    Specifies the number of concurrent SSL sessions that can use the same SSL session ID.

    For a description of these directives, see CtsSecurity/SSLSessionInfo in the generated IDL documentation, which is available in HTML format in the html/ir subdirectory of your EAServer installation.

  3. Set the JAGUAR_CLIENT_ROOT environment variable on the Web Server host to point to the location of your EAServer client installation. The directory pointed to by JAGUAR_CLIENT_ROOT must contain the db subdirectory, which contains the sybcert.db and sybkey.db files, and the Web server process must be able to read these files. sybcert.db and sybkey.db contain certificate files, including the Jaguar User Test CA.

  4. Edit the redirector configuration file to map requests sent to the redirector by the Web server to EAServer HTTPS listeners. For more information, see “Mapping Web server requests to EAServer listeners” for iPlanet and Sun Java System, or “Mapping Web server requests to EAServer listeners” for Apache. Map requests to HTTPS listeners by using the appropriate host:port combination. See “Testing your HTTPS connections” for more information.




Copyright © 2004. Sybase Inc. All rights reserved. Testing your HTTPS connections

View this book as PDF